CVE-2001-0326: Oracle Application Server vulnerability

3 documents, 3 sources

Severity: 7.5 HIGH (NVD)
EPSS: 1.5% (top 18.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: May 3
Latest update: Apr 30

Description

Oracle Java Virtual Machine (JVM) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

NVD: oracle/application_server release_1.0.2.0.1
NVD: oracle/oracle8i 8.1.7_r3

Patches

Vulnerability Details (2)

GHSA: GHSA-c5qh-2j3r-79wm: Oracle Java Virtual Machine (JVM) for Oracle 8 (2022-04-30)
CVEList: CVE-2001-0326: Oracle Java Virtual Machine (JVM) for Oracle 8 (2001-05-07)